List: syslog-ng
Subject: [syslog-ng]elegant swatch solution
From: Nate Campi <nate () campin ! net>
Date: 2001-11-10 7:11:58
I found a clean way to use swatch to watch all your syslog messages from
syslog-ng. Normally you need to tell swatch to tail a file, so if you
want swatch to watch all your logs you have to either send all messages
to one file or run multiple instances of swatch.

I came up with this tonight:

# hack to get swatch to read from stdin
destination swatch { program("/usr/bin/swatch --read-pipe=\"cat /dev/fd/0\""); };
# send all logs to swatch
log { source(src); destination(swatch); };

The source "src" is all my logs on that box. This works like a charm, and
if syslog-ng is restarted, so is swatch, so you don't need to worry
about HUP'ing/restarting swatch - ever!
This way you can let swatch monitor your logs instead of using match()
directives - since swatch has built-in throttling on alerts I find it
nicer to use. swatch keeps my pager from going nuts after the first
message which caused the alarm; subsequent messages are ignored for a
defined amount of time, using the "throttle" feature.
--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79
"Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former" -- Albert Einstein.
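
The throttling behaviour described in the post, sketched as an added example (not the poster's code and not swatch's implementation): a filter that reads syslog lines the way a program() destination delivers them on stdin, fires one alert per rule and host, then stays quiet for a set window. The rule names, patterns, windows, per-host keying, the assumed year and the sample lines are all constructed for illustration.

```python
import re
import sys
from datetime import datetime, timedelta

# Hypothetical rules: (name, pattern, quiet period after an alert fires).
RULES = [
    ("ssh-auth", re.compile(r"Failed password"), timedelta(minutes=5)),
    ("disk", re.compile(r"I/O error"), timedelta(minutes=30)),
]

def parse_line(line, year=2001):
    """Split a BSD-syslog line into (timestamp, host, message)."""
    stamp, rest = line[:15], line[16:].rstrip("\n")
    host, _, msg = rest.partition(" ")
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), host, msg

def watch(lines, rules=RULES):
    """Yield (time, rule, host, message, suppressed_count) for unthrottled matches."""
    last_alert = {}   # (rule, host) -> time the last alert fired
    suppressed = {}   # (rule, host) -> matches dropped since that alert
    for line in lines:
        try:
            when, host, msg = parse_line(line)
        except ValueError:
            continue  # no BSD-syslog timestamp at the start; skip the line
        for name, pattern, window in rules:
            if not pattern.search(msg):
                continue
            key = (name, host)
            if key in last_alert and when - last_alert[key] < window:
                suppressed[key] = suppressed.get(key, 0) + 1
            else:
                yield when, name, host, msg, suppressed.pop(key, 0)
                last_alert[key] = when
            break  # first matching rule wins

# Constructed sample input (addresses are from the documentation range).
SAMPLE = [
    "Nov 10 07:00:00 web1 sshd[411]: Failed password for root from 192.0.2.7",
    "Nov 10 07:00:05 web1 sshd[412]: Failed password for root from 192.0.2.7",
    "Nov 10 07:01:00 db1 sshd[90]: Failed password for admin from 192.0.2.7",
    "Nov 10 07:04:59 web1 sshd[413]: Failed password for root from 192.0.2.7",
    "Nov 10 07:05:00 web1 sshd[414]: Failed password for root from 192.0.2.7",
    "Nov 10 07:06:00 web1 kernel: hda: I/O error",
]

if __name__ == "__main__":
    for when, name, host, msg, dropped in watch(sys.stdin):
        print(f"ALERT {when:%H:%M:%S} {name} {host}: {msg} ({dropped} suppressed)")
```

Each alert carries the number of matches dropped during the preceding quiet period, so a page that follows a burst still shows how large the burst was.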